power: regulator: gpio-regulator: protect count value
author Patrick Delaunay <patrick.delaunay@st.com>
Thu, 10 Sep 2020 16:18:16 +0000 (18:18 +0200)
committer Tom Rini <trini@konsulko.com>
Fri, 23 Oct 2020 17:33:06 +0000 (13:33 -0400)
Update the size of states_array to avoid overflow for
dev_pdata->voltages[j] and dev_pdata->states[j].

As the size of array is GPIO_REGULATOR_MAX_STATES, the size of
states_array is limited by GPIO_REGULATOR_MAX_STATES * 2 = 4
instead of 8 previously.

The value of the "count" variable is limited by the third parameter of
fdtdec_get_int_array_count.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
drivers/power/regulator/gpio-regulator.c

index 947f812..017a364 100644 (file)
@@ -35,7 +35,7 @@ static int gpio_regulator_ofdata_to_platdata(struct udevice *dev)
        const void *blob = gd->fdt_blob;
        int node = dev_of_offset(dev);
        int ret, count, i, j;
-       u32 states_array[8];
+       u32 states_array[GPIO_REGULATOR_MAX_STATES * 2];
 
        dev_pdata = dev_get_platdata(dev);
        uc_pdata = dev_get_uclass_platdata(dev);
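Review bot: The `* 2` in the new `states_array` declaration is an unexplained multiplier; a one-line comment saying that each state occupies two cells (one for `dev_pdata->voltages[j]`, one for `dev_pdata->states[j]`) would make the link to GPIO_REGULATOR_MAX_STATES obvious to the next reader. Per the commit message the buffer also shrinks from 8 cells to 4, so a "states" property that used to fit in the local buffer is now cut short at read time; the message should say that this truncation is intended, since the change is described only as avoiding the overflow.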
@@ -58,7 +58,8 @@ static int gpio_regulator_ofdata_to_platdata(struct udevice *dev)
                debug("regulator gpio - not found! Error: %d", ret);
 
        count = fdtdec_get_int_array_count(blob, node, "states",
-                                          states_array, 8);
+                                          states_array,
+                                          ARRAY_SIZE(states_array));
 
        if (!count)
                return -EINVAL;
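Review bot: The `if (!count)` check after the call rejects only zero, and `count` is a signed int, so a negative return or an odd number of cells (half of a voltage/state pair) would pass through to the code that fills `dev_pdata->voltages[j]` and `dev_pdata->states[j]`. Consider `if (count <= 0 || count % 2) return -EINVAL;` here. Using `ARRAY_SIZE(states_array)` instead of the literal 8 is the right way to keep the limit tied to the declaration, but a "states" property longer than the buffer is now clipped silently; a `debug()` message when `count` equals `ARRAY_SIZE(states_array)` would help someone whose device tree lists more states than the driver supports.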